secret-keeper 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +25 -9
  3. data/lib/secret-keeper.rb +31 -21
  4. data/spec/secret-keeper_spec.rb +72 -2
  5. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a4af085b4a020f82a80ec5e4f2995fc676c6d24497b424ccfe5788d8fa83085b
4
- data.tar.gz: 4f3c88876416d7dadf20f903338827b52c03ecb1799b5b31b823d5cd484e5513
3
+ metadata.gz: 993613940fe2fd54b0db8ea676aeaeb82a1de574b6d986a904f14e166d9826a2
4
+ data.tar.gz: 92c2b76672090397d60871cf438fc597877351ae74c09cd4f43d927d2c3de0b1
5
5
  SHA512:
6
- metadata.gz: 40512c3536a8f2b8824f3d6fbf97df57e8381fb7d5f135ef3ac05771a6ca9b472e52aa1818e35d7699400b688f918b6f534895eef04ff359d4706f99bd24da37
7
- data.tar.gz: 5aecafc7b60fb43bc34b46744b63761db551b44d428e7fcfdb8afd8ee74e157a51f43903f45e3f8bf925150975d5c80e999344cef824e81e01c3603591f2190e
6
+ metadata.gz: a3c9d114ab4bcd7b0958ff3fa999e2b2ffb3c4bda4eeab15e54841daa9596d24ec6c7323893d07995e8fe6f4c7fb47ccc082e88b5c89513fe12010a350ba1b84
7
+ data.tar.gz: 9a6e63acc12ef13e56237e8dde65e28b45a47423a700b71c6d79486fabcf89dbd3f13426f26e23ab08f54a9ca09fb186b00bcdefab19f6a3c1bc1e27c8682719
data/README.md CHANGED
@@ -12,6 +12,16 @@ with bundler, write follwing line in your Gemfile
12
12
 
13
13
  gem 'secret-keeper', require: false
14
14
 
15
+ ## Upgrade from v1 to v2
16
+
17
+ The *remove_production* parameter of *decrypt_files* has been removed after version 2.0.0.
18
+ If you wants to remove *production* settings after decrypt files, you can set *remove_production* option to *true* in *secret-keeper.yml*:
19
+
20
+ ```
21
+ options:
22
+ remove_production: false
23
+ ```
24
+
15
25
  ## Usage
16
26
  setup files need to be encrypted in config/secret-keeper.yml
17
27
 
@@ -19,6 +29,10 @@ setup files need to be encrypted in config/secret-keeper.yml
19
29
  development:
20
30
  ev_name: SECRET_KEEPER
21
31
  cipher: AES-256-CBC
32
+ options:
33
+ slience: false
34
+ remove_production: false
35
+ remove_source: false
22
36
  tasks:
23
37
  -
24
38
  encrypt_from: example/database.yml
@@ -55,16 +69,18 @@ decrypt files based on your tasks defined in config/secret-keeper.yml
55
69
  # * example/secrets.yml.enc --> example/secrets.yml, ok
56
70
  # Done!
57
71
 
58
- decrypt files and remove production configs
59
-
60
- irb> production? = true
61
- irb> SecretKeeper.decrypt_files(production?)
62
- # Decrypting... (production config removed)
63
- # * example/database.yml.enc --> example/database.yml, ok
64
- # * example/secrets.yml.enc --> example/secrets.yml, ok
65
- # Done!
66
-
67
72
  ## Available Ciphers
68
73
 
69
74
  irb> require 'openssl'
70
75
  irb> OpenSSL::Cipher.ciphers
76
+
77
+ ## Options
78
+
79
+ * slience
80
+ When this option set to *true*, the tasks will run in slience mode. Messages will not show no screen. Default is *false*.
81
+
82
+ * remove_production
83
+ When this option set to *true*, the *production* settings in the decrypted files will be removed after the decryption task. Default is *false*.
84
+
85
+ * remove_source
86
+ When this option set to *true*, the source file will be removed after either encrypt or decrypt tasks. Default is *false*.
data/lib/secret-keeper.rb CHANGED
@@ -2,27 +2,37 @@ require 'openssl'
2
2
  require 'yaml'
3
3
 
4
4
  class SecretKeeper
5
+ attr_reader :tasks, :options
6
+
5
7
  def self.encrypt_files
8
+ printer = ['Encrypting...']
6
9
  sk = SecretKeeper.new
7
- puts 'Encrypting...' unless sk.slience
10
+ printer << '(production config removed)' if sk.options['remove_production']
11
+ printer << '(source files removed)' if sk.options['remove_source']
8
12
  ok_queue = []
9
13
  sk.tasks.each do |task|
10
- from = task['encrypt_from']
14
+ from = File.exists?(task['encrypt_from']) ? task['encrypt_from'] : task['decrypt_to']
11
15
  to = task['encrypt_to']
12
16
 
13
17
  result = sk.encrypt_file(from, to)
18
+ if result == :ok
19
+ result = sk.remove_file(from) if sk.options['remove_source']
20
+ end
21
+
14
22
  ok_queue << result if result == :ok
15
- puts " * #{from} --> #{to}, #{result}" unless sk.slience
23
+ printer << " * #{from} --> #{to}, #{result}"
16
24
  end
17
25
  success = ok_queue.count == sk.tasks.count
18
- puts success ? 'Done!' : 'Failed!' unless sk.slience
26
+ printer << (success ? 'Done!' : 'Failed!')
27
+ printer.each{ |row| puts row } unless sk.options['slience']
19
28
  success
20
29
  end
21
30
 
22
- def self.decrypt_files(remove_production=false)
31
+ def self.decrypt_files
32
+ printer = ['Decrypting...']
23
33
  sk = SecretKeeper.new
24
- print 'Decrypting...' unless sk.slience
25
- puts remove_production ? '(production config removed)' : nil unless sk.slience
34
+ printer << '(production config removed)' if sk.options['remove_production']
35
+ printer << '(source files removed)' if sk.options['remove_source']
26
36
 
27
37
  ok_queue = []
28
38
  sk.tasks.each do |task|
@@ -30,16 +40,17 @@ class SecretKeeper
30
40
  to = task['decrypt_to'] || task['encrypt_from']
31
41
 
32
42
  result = sk.decrypt_file(from, to)
33
-
34
- if result == :ok && remove_production
35
- result = sk.remove_production_config(to)
43
+ if result == :ok
44
+ result = sk.remove_production_config(to) if sk.options['remove_production']
45
+ result = sk.remove_file(from) if sk.options['remove_source']
36
46
  end
37
47
 
38
48
  ok_queue << result if result == :ok
39
- puts " * #{from} --> #{to}, #{result}" unless sk.slience
49
+ printer << " * #{from} --> #{to}, #{result}"
40
50
  end
41
51
  success = ok_queue.count == sk.tasks.count
42
- puts success ? 'Done!' : 'Failed!' unless sk.slience
52
+ printer << (success ? 'Done!' : 'Failed!')
53
+ printer.each{ |row| puts row } unless sk.options['slience']
43
54
  success
44
55
  end
45
56
 
@@ -56,15 +67,7 @@ class SecretKeeper
56
67
  @using_cipher = OpenSSL::Cipher.new(config['cipher'] || 'AES-256-CBC')
57
68
  @cipher_key = Digest::SHA2.hexdigest(ENV[ev_name])[0...@using_cipher.key_len]
58
69
 
59
- @slience = config['slience'] || false
60
- end
61
-
62
- def tasks
63
- @tasks
64
- end
65
-
66
- def slience
67
- @slience
70
+ @options = config['options']
68
71
  end
69
72
 
70
73
  def encrypt_file(from_file, to_file)
@@ -93,6 +96,13 @@ class SecretKeeper
93
96
  e
94
97
  end
95
98
 
99
+ def remove_file(file_path)
100
+ File.delete(file_path)
101
+ :ok
102
+ rescue => e
103
+ e
104
+ end
105
+
96
106
  private
97
107
 
98
108
  def encrypt(data)
data/spec/secret-keeper_spec.rb CHANGED
@@ -1,6 +1,12 @@
1
1
  describe SecretKeeper do
2
2
  before(:each) do
3
3
  ENV['SECRET_KEEPER'] = 'PASSWORD_HERE'
4
+ FileUtils.copy_entry('./example', './example_backup')
5
+ end
6
+
7
+ after(:each) do
8
+ FileUtils.rm_r('./example')
9
+ FileUtils.mv('./example_backup', './example')
4
10
  end
5
11
 
6
12
  describe '.encrypt_files' do
@@ -8,6 +14,24 @@ describe SecretKeeper do
8
14
  result = SecretKeeper.encrypt_files
9
15
  expect(result).to eq(true)
10
16
  end
17
+
18
+ it 'should return true on remove_source true' do
19
+ options = {
20
+ 'slience' => true,
21
+ 'remove_production' => false,
22
+ 'remove_source' => true
23
+ }
24
+ allow_any_instance_of(SecretKeeper).to receive(:options).and_return(options)
25
+
26
+ result = SecretKeeper.encrypt_files
27
+ expect(result).to eq(true)
28
+ SecretKeeper.new.tasks.each do |task|
29
+ source_file = task['encrypt_from']
30
+ target_file = task['encrypt_to']
31
+ expect(File.exists?(source_file)).to eq(false)
32
+ expect(File.exists?(target_file)).to eq(true)
33
+ end
34
+ end
11
35
  end
12
36
 
13
37
  describe '.decrypt_files' do
@@ -19,12 +43,58 @@ describe SecretKeeper do
19
43
  expect(hash['production']['secret_key_base']).to eq('339f639f4fe35c5ffaa47ace973260b12e51b0b4fe1f65effd283a5f054f47594b24bd565779e351a20dfd4ada4f777958f0417b305c06cdedbde392b8e1fd07')
20
44
  end
21
45
 
22
- it 'should return true on remove_production true' do
23
- result = SecretKeeper.decrypt_files(ENV['RAILS_ENV'] != 'production')
46
+ it 'should return true on remove_production true and remove_source false' do
47
+ options = {
48
+ 'slience' => true,
49
+ 'remove_production' => true,
50
+ 'remove_source' => false
51
+ }
52
+ allow_any_instance_of(SecretKeeper).to receive(:options).and_return(options)
53
+
54
+ result = SecretKeeper.decrypt_files
55
+ expect(result).to eq(true)
56
+ hash = YAML.load_file('example/secrets.yml')
57
+ expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
58
+ expect(hash['production']).to be_nil
59
+ end
60
+
61
+ it 'should return true on remove_production false and remove_source true' do
62
+ options = {
63
+ 'slience' => true,
64
+ 'remove_production' => false,
65
+ 'remove_source' => true
66
+ }
67
+ allow_any_instance_of(SecretKeeper).to receive(:options).and_return(options)
68
+
69
+ result = SecretKeeper.decrypt_files
70
+ expect(result).to eq(true)
71
+ SecretKeeper.new.tasks.each do |task|
72
+ source_file = task['decrypt_from'] || task['encrypt_to']
73
+ target_file = task['decrypt_to'] || task['encrypt_from']
74
+ expect(File.exists?(source_file)).to eq(false)
75
+ expect(File.exists?(target_file)).to eq(true)
76
+ end
77
+ end
78
+
79
+ it 'should return true on remove_production true and remove_source true' do
80
+ options = {
81
+ 'slience' => true,
82
+ 'remove_production' => true,
83
+ 'remove_source' => true
84
+ }
85
+ allow_any_instance_of(SecretKeeper).to receive(:options).and_return(options)
86
+
87
+ result = SecretKeeper.decrypt_files
24
88
  expect(result).to eq(true)
25
89
  hash = YAML.load_file('example/secrets.yml')
26
90
  expect(hash['development']['secret_key_base']).to eq('e8310af93d52f174f475940c41fbfb90417b300ebc19e1b24bd5639f4fe35c5ffaa5775a347ace9732958f656a47f6bb8e1fd0760b12e51b0b4fe1f65ef0a1d6')
27
91
  expect(hash['production']).to be_nil
92
+ SecretKeeper.new.tasks.each do |task|
93
+ source_file = task['decrypt_from'] || task['encrypt_to']
94
+ target_file = task['decrypt_to'] || task['encrypt_from']
95
+ expect(File.exists?(source_file)).to eq(false)
96
+ expect(File.exists?(target_file)).to eq(true)
97
+ end
28
98
  end
29
99
 
30
100
  it 'should be false, if SECRET_KEEPER incorrect' do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secret-keeper
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ray Lee
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-04 00:00:00.000000000 Z
11
+ date: 2022-05-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '3.0'
19
+ version: '3.9'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '3.0'
26
+ version: '3.9'
27
27
  description: A Secret keeper
28
28
  email: ray-lee@kdanmobile.com
29
29
  executables: []
@@ -47,14 +47,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
47
47
  requirements:
48
48
  - - ">="
49
49
  - !ruby/object:Gem::Version
50
- version: 2.3.1
50
+ version: 2.7.0
51
51
  required_rubygems_version: !ruby/object:Gem::Requirement
52
52
  requirements:
53
53
  - - ">="
54
54
  - !ruby/object:Gem::Version
55
55
  version: '0'
56
56
  requirements: []
57
- rubygems_version: 3.1.4
57
+ rubygems_version: 3.2.32
58
58
  signing_key:
59
59
  specification_version: 4
60
60
  summary: Keep all your secret files within openssl